Security Response
Ollie Whitehouse | 14 Jul 2006 07:00:00 GMT | 0 comments

I've always wondered why SMS/MMS isn't used more often for spam or other malicious activities (CommWarrior being one notable exception). After talking to people in the industry about this (that is, the security industry with a cellular or mobile flavor), it became apparent that we all have numerous hypotheses that try to explain the lack of SMS/MMS spam or phishing attacks. Some of the ideas that I've heard over the years include:
a) It costs money to send SMS/MMS messages, whereas to send e-mail it, for all intents and purposes, is free.
b) Any spam originating from a single operator or third party SMS/MMS originator can easily be shut down.
c) There is no need to complicate things as people still fall for e-mail phishing.

These opinions are certainly valid, but I think the tide may be turning, albeit on a very small scale. SMS is starting to be used...

Symantec Security Response | 14 Jul 2006 07:00:00 GMT | 0 comments

Well, it seems that things will never get too boring around here in Symantec Security Response. There is a new, in-the-wild threat running around on the Internet that is exploiting a previously undisclosed vulnerability in Microsoft PowerPoint.

In particular, attackers can create specially crafted PowerPoint files to exploit the vulnerability. These files can then be special delivered to your computer via your Inbox as an attachment, or perhaps placed on Web pages for downloading (like a wolf in sheep’s clothing). All you have to do is open the file—and WHAMMO!—the vulnerability is triggered, potentially allowing the attacker to run his or her code on your machine.

At this point in time, we have discovered a Trojan attached to the PowerPoint exploits that we’ve seen in the wild, and made antivirus signatures available for it; the Trojan is detected as Trojan.PPDropper.B....

TWoodward | 13 Jul 2006 07:00:00 GMT | 0 comments

Researchers and engineers who are working in the security field must have strong constitutions—especially when it comes to weathering negative backlash and tired conspiracy theories whenever security and Mac OS X are mentioned in the same breath. With that in mind, in an effort to improve the quality of the dialogue, I would like to discuss some important issues regarding Mac OS X and security.

Let’s start with the hot-button issue of Mac OS X viruses. Simply put, at the time of writing this article, there are no file-infecting viruses that can infect Mac OS X. I see some of you raising a hand or two, wanting to ask me some “but, what about…” types of questions. Indeed, in February of this year, when OSX.Leap.A was discovered the news headlines declared that it was the “First ever virus for Mac OS X!” Long before the digital ink dried on those simplistic and sensational headlines our Security...

Zulfikar Ramzan | 12 Jul 2006 07:00:00 GMT | 0 comments

In many cases we use passwords to authenticate ourselves on Web sites where we make transactions, and passwords represent only one mechanism for authentication. Passwords are “something we know” (and something that, hopefully, no one else knows). However, there are other ways of authenticating ourselves. For example, we can use “something we are”, such as a fingerprint or other biometric, or even “something we have”, such as an access control card. “Two-factor authentication” refers to the concept of using two instances of “something we know”, “something we are”, or “something we have”. Two-factor authentication provides much stronger guarantees when compared to using just one of these means of authentication.

One of the most popular forms of two-factor authentication involves the use of a hardware token that displays a sequence of digits that changes at set intervals. To authenticate ourselves on a network using this method, we provide our regular password in conjunction with...

Candid Wueest | 11 Jul 2006 07:00:00 GMT | 0 comments

Phishing attacks evolved from simple email attacks quite a long time ago. These days, we still see many attacks with obfuscated links and spoofed Web sites, but the emerging threat is in phishing malware. Even in the malware domain we have seen further developments, from basic key logging to session modification Trojans. The attacks are becoming more sophisticated in order to circumvent the current prevention methods.

Take, for example, the Trojan.Satiloler family. This threat monitors traffic that is sent and received by a Web browser. It can inject script code into received Web pages before they are passed to the user’s browser. If the Trojan finds a predefined online banking Web site, it replaces all of the Web form submit functions with its own functions. This enables the Trojan to control the information flow on that particular site without the user noticing. If a...

Eric Chien | 11 Jul 2006 07:00:00 GMT | 0 comments

The Symantec Security Response team has received multiple reports of the hijacking of Yahoo! instant messaging accounts over this past weekend. The hijacking seems to be successful because some users are unwittingly providing their Yahoo! login credentials to a phishing Web page. There are several phishing Web pages involved in the attacks, some of which are listed here:
www.geocities.com/cindy7781115
www.geocities.com/madhatterchick15
www.geocities.com/julianna2504j15

Please use caution when receiving instant messages with links included in the text, especially any links that require you to login to another Web site. This phishing attack will attempt to use valid and current (compromised) Yahoo! accounts so that messages sent will appear to come from trusted contacts, so you'll need to keep a keen eye out for strange messages. For a detailed explanation on how this attack is carried out, please refer to my previous blog entry that describes the...

Zulfikar Ramzan | 10 Jul 2006 07:00:00 GMT | 0 comments

The development of interfaces for trustworthy information has not progressed at the same rate as computing technology in general. Today we enter passwords using a text-based interface that we assume is trustworthy, much like what we did thirty-plus years ago.

On June 19, 2006 I attended (and gave a talk at) the TIPPI Workshop that was held on the Stanford University campus. TIPPI stands for “Trustworthy Interfaces for Passwords and Personal Information”. The workshop brings together people who design security schemes with those who build user interfaces. The goal is to help solve the problem of designing trustworthy user interfaces, which has specific implications for fighting online fraud, especially when it comes to phishing.

There has been considerable progress in designing protocols for secure password authentication. For example, password authenticated key exchange (PAKE)...

Candid Wueest | 07 Jul 2006 07:00:00 GMT | 0 comments

The amount of email I have received lately regarding "making easy money from home" has increased tremendously. These “job offers” all have two things in common: you are required to have an online bank account and you must be able to check email frequently. In return for these requirements there are promises that large amounts of money can be made, usually five to ten percent in commission for every payment forwarded to the company headquarters.

To make it even more convincing, fake companies are created and complete Web sites with job offers and background information are generated. Interested parties receive convincing job offers with social benefits and health care plans. So, what's behind it? As you have probably guessed by now, these are recruitment emails from phishers. They are constantly searching for "money mules" that will receive payments from stolen accounts and then transfer the cash back to the real attacker. Many phishers are swimming in...